{"id":5652,"date":"2012-12-28T21:46:45","date_gmt":"2012-12-29T00:46:45","guid":{"rendered":"http:\/\/www.ethicalhacker.com.br\/site\/?p=5652"},"modified":"2019-07-16T14:33:31","modified_gmt":"2019-07-16T17:33:31","slug":"nmap-ninja","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2012\/12\/tutorial-backtrack\/nmap-ninja\/","title":{"rendered":"NMAP Ninja"},"content":{"rendered":"<p style=\"text-align: justify;\">NMAP is without doubt one of the best options when it comes to port scanning.<\/p>\n<p style=\"text-align: justify;\">On Backtrack, the configuration files can be found in \/usr\/local\/share\/nmap\/.<\/p>\n<p style=\"text-align: justify;\">When running as root, stealth scans can be performed, for example the SYN scan.<\/p>\n<p style=\"text-align: justify;\">Next we will run a simple scan using the TCP Connect method, -sT. Keep in mind that it is the noisiest scan there is, because it completes the three-way handshake.<\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/18.png\" class=\"gallery_colorbox\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-5653\" title=\"1\" src=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/18-300x171.png\"  alt=\"\" width=\"300\" height=\"171\" srcset=\"https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/18-300x171.png 300w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/18.png 856w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\"><strong>Discovering versions<\/strong> with the -sV option; note that in the figure below we limited the scan to port 80 only, with -p 80.<\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/29.png\" 
class=\"gallery_colorbox\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-5654\" title=\"2\" src=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/29-300x170.png\"  alt=\"\" width=\"300\" height=\"170\" srcset=\"https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/29-300x170.png 300w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/29.png 857w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\"><strong>Smart scanning<\/strong>: next we will scan a range looking for NetBIOS\/SMB services, -p 139.<\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/36.png\" class=\"gallery_colorbox\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-5655\" title=\"3\" src=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/36-300x211.png\"  alt=\"\" width=\"300\" height=\"211\" srcset=\"https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/36-300x211.png 300w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/36-1024x721.png 1024w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/36.png 1025w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\"><strong>Reconnaissance<\/strong>: with the -O option it is possible to perform OS fingerprinting, which lets us detect the operating system version.<\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/47.png\" class=\"gallery_colorbox\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-5656\" title=\"4\" src=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/47-300x182.png\"  alt=\"\" width=\"300\" height=\"182\" 
srcset=\"https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/47-300x182.png 300w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/47-1024x621.png 1024w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/47.png 1026w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">With the <strong>Nmap Scripting Engine (NSE)<\/strong> it is possible to take advantage of automated scripts, for example for checking vulnerability to exploits and for service enumeration; to find them, just run the command locate *nse<\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/57.png\" class=\"gallery_colorbox\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-5657\" title=\"5\" src=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/57-300x224.png\"  alt=\"\" width=\"300\" height=\"224\" srcset=\"https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/57-300x224.png 300w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/57.png 852w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">Detecting SMB vulnerabilities with the --script option; note that the target is vulnerable to MS08-067<\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/65.png\" class=\"gallery_colorbox\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-5658\" title=\"6\" src=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/65-300x188.png\"  alt=\"\" width=\"300\" height=\"188\" srcset=\"https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/65-300x188.png 300w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/65.png 986w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\"><strong>Detecting 
firewalls<\/strong>: it is also possible to check for the presence of a firewall, that is, whether the ports are filtered or not. The option is simple: -sA.<\/p>\n<p style=\"text-align: justify;\"><a href=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/78.png\" class=\"gallery_colorbox\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-5659\" title=\"7\" src=\"http:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/78-300x148.png\"  alt=\"\" width=\"300\" height=\"148\" srcset=\"https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/78-300x148.png 300w, https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/78.png 983w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p style=\"text-align: justify;\">Well, the possibilities are countless &#8230; but there is the tip.<\/p>\n<p style=\"text-align: justify;\">Until next time!!!<\/p>\n<p style=\"text-align: justify;\">\r\n\t\t<div class='author-shortcodes'>\r\n\t\t\t<div class='author-inner'>\r\n\t\t\t\t<div class='author-image'>\r\n\t\t\t<img src='https:\/\/www.ethicalhacker.com.br\/site\/wp-content\/uploads\/186048_100001838322519_1550894_n-11668_57x57.jpg' alt='' \/>\r\n\t\t\t<div class='author-overlay'><\/div>\r\n\t\t<\/div> <!-- .author-image --> \r\n\t\t<div class='author-info'>\r\n\t\t\t<p style=\"text-align: justify;\">Author: S\u00edlvio C\u00e9sar Roxo Giavaroto<\/p>\n<p style=\"text-align: justify;\">Holds an MBA specializing in Information Security Management,\nis a Computer Networks Technologist and a C|EH Certified Ethical Hacker,\nworks as a pentester and Linux server security analyst for the\nGovernment of the State of S\u00e3o Paulo, and is a university professor and\nC|EH and C|HFI instructor.<\/p>\n<p style=\"text-align: justify;\">\r\n\t\t<\/div> <!-- .author-info --><\/p>\n<p style=\"text-align: justify;\">\r\n\t\t\t<\/div> <!-- .author-inner 
-->\r\n\t\t<\/div> <!-- .author-shortcodes --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NMAP is without doubt one of the best options when it comes to port scanning. On Backtrack, the configuration files can be found in \/usr\/local\/share\/nmap\/. When running as root, stealth scans can be performed, for example the SYN scan. Next we will run a simple scan using the TCP Connect method, -sT. Keep in mind [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":5662,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[101],"tags":[],"class_list":["post-5652","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorial-backtrack"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/5652","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=5652"}],"version-history":[{"count":3,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/5652\/revisions"}],"predecessor-version":[{"id":10525,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/5652\/revisions\/10525"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/5662"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=5652"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.b
r\/site\/wp-json\/wp\/v2\/categories?post=5652"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=5652"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}